CVE-2015-3902
EPSS 0.22%
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configuration file.
How to fix CVE-2015-3902
To remediate CVE-2015-3902, upgrade the affected package to a fixed version below.
- Debian/phpmyadmin—upgrade to 4:4.4.6.1-1 or later
Is CVE-2015-3902 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4:4.4.6.1-1